Add ability of cancancan
This commit is contained in:
parent
eab254aa4a
commit
31d5d81c9b
2 changed files with 17 additions and 0 deletions
|
@ -2,4 +2,8 @@ class ApplicationController < ActionController::Base
|
|||
# Prevent CSRF attacks by raising an exception.
|
||||
# For APIs, you may want to use :null_session instead.
|
||||
protect_from_forgery with: :exception
|
||||
|
||||
rescue_from CanCan::AccessDenied do |exception|
|
||||
redirect_to root_url, alert: exception.message
|
||||
end
|
||||
end
|
||||
|
|
13
app/models/ability.rb
Normal file
13
app/models/ability.rb
Normal file
|
@ -0,0 +1,13 @@
|
|||
class Ability
|
||||
include CanCan::Ability
|
||||
|
||||
def initialize(user)
|
||||
user ||= User.new # guest user (not logged in)
|
||||
|
||||
if user.penning?
|
||||
can :manage, :all
|
||||
else
|
||||
can :read, user, id: user.id
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue